package com.springstudy.shiro.controller;

import com.springstudy.shiro.entity.Response;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author chenrongrong
 * @since 2020/3/11 9:03
 */
@RestController
@RequestMapping(value = "role")
public class RoleController {

    /**
     * 显示判断是否存在角色
     * @return
     */
    @PostMapping(value = "testRole")
    public Object testRole() {
        String role = "admin";
        Subject subject = SecurityUtils.getSubject();

        //也可以使用subject.checkRole()来直接检查是否含有某角色，
        // 该方法如果发现不含有角色时会抛出异常
        if(subject.hasRole(role)) {
            return Response.ok();
        }
        return Response.fail();
    }

    /**
     * 显示判断是否存在权限
     * @return
     */
    @PostMapping(value = "testPermission")
    public Object testPermission() {
        String permissions = "test:add";

        //还可以使用通配符来设置权限
        //String permissions = "test:*";
        //String permissions = "*:view";
        try {
            Subject subject = SecurityUtils.getSubject();
            subject.checkPermissions(permissions);
            return Response.ok();
        } catch (Exception e) {
            return Response.fail();
        }
    }

    /**
     * 限制admin角色调用
     * @return
     */
    @RequiresRoles(value = {"admin"})
    @PostMapping(value = "testRoleAdmin")
    public Object testRoleAdmin() {
        return Response.ok();
    }

    /**
     * 限制角色为admin或custom
     * @return
     */
    @RequiresRoles(value = {"admin", "custom"}, logical = Logical.OR)
    @PostMapping(value = "testRoleAdminOrCustom")
    public Object testRoleAdminOrCustom() {
        return Response.ok();
    }

    /**
     * 限制角色为admin并且custom
     * @return
     */
    @RequiresRoles(value = {"admin", "custom"}, logical = Logical.AND)
    @PostMapping(value = "testRoleAdminAndCustom")
    public Object testRoleAdminAndCustom() {
        return Response.ok();
    }

    /**
     * 限制操作权限为test.add
     * @return
     */
    @RequiresPermissions(value = {"test:add"})
    @PostMapping(value = "testPermissionAdd")
    public Object testPermissionAdd() {
        return Response.ok();
    }

    /**
     * 限制操作权限为test.add或test.update
     * @return
     */
    @RequiresPermissions(value = {"test:add", "test:update"}, logical = Logical.OR)
    @PostMapping(value = "testPermissionAddOrUpdate")
    public Object testPermissionAddOrUpdate() {
        return Response.ok();
    }

    /**
     * 限制操作权限为test.add和test.update
     * @return
     */
    @RequiresPermissions(value = {"test:add", "test:update"}, logical = Logical.AND)
    @PostMapping(value = "testPermissionAddAndUpdate")
    public Object testPermissionAddAndUpdate() {
        return Response.ok();
    }

    /**
     * 通过filter校验任意角色是否满足
     * @return
     */
    @RequestMapping(value = "testAnyRolesFilter")
    public Object testAnyRolesFilter() {
        Subject subject = SecurityUtils.getSubject();
        return Response.ok();
    }
}
